CISSP certification exam preparation notes. It is a hard exam about computer security seen from ten different domains, but it does not go very deep in each domain.

Saturday, May 3, 2008

Common Criteria

Common Criteria (CC) is an ISO standard for product evaluation which includes ITSEC and TCSEC. CC evaluates the protection profiles (PPs) and security targets.

Assurance levels:

EAL 1: Functionally tested; threats to security are not seen as serious.
EAL 2: Structurally tested; low to moderate level of independently guaranteed security.
EAL 3: Methodically tested and checked; moderate level of independently ensured security.
EAL 4: Methodically designed, tested and reviewed; developers or users require a moderate to high level of independently ensured security.
EAL 5: Semiformally designed and tested; the requirement is a high level of independently ensured security.
EAL 6: Semiformally verified, designed and tested; for high risk situations.
EAL 7: Formally verified, designed and tested; for extremely high risk situations.

Adding to this list would be the list of relevant articles at 100Questions Exam Portal (http://www.100qns.com), which has a good set of reference articles on CISSP domains, CISSP Tips on security architecture and design, physical and environment security, cryptography and many more. The only thing is that it is not a pure CISSP site but also contains other exams, but its neat interface makes it easy to find the CISSP resources.

The other good thing is that you can test your CISSP knowledge and prepare for the exam via the exam library, which contains free-to-try exam questions. The CISSP section could be accessed from the drop-down menu, and because the portal covers several topics, it could be confusing initially due to the enormous amount of data, but if you spend some time navigating the contents you might be well-rewarded!